A virus is malicious software written in order to replicate on other computers.
It can also have the effect, desired or not, of more or less seriously disrupting the functioning of the infected computer.
It can spread through any medium for exchanging digital data, such as the Internet, as well as floppy disks, CD-ROMs, USB keys, etc.
A virus is a small program which, when it runs, loads itself into memory and executes the instructions that the author has programmed.
Resident viruses (also known as TSR, Terminate and Stay Resident) load themselves into the RAM of the computer to infect executable files launched by the user. Non-resident viruses infect programs on the hard drive as soon as they are executed.

In fact, most viruses are clones, or more precisely "mutant viruses", which means that the virus has been rewritten by other users to change its behavior or signature.

The fact that there are several versions of the same virus (called variants; for example, if you use a botkiller, you will see "Variants of CyberGate", etc.) makes it more difficult to spot, because antivirus companies have to add the new signatures to their databases to be able to detect the viruses.

To the extent that antivirus software detects such viruses by their signature (the sequence of bits that identifies them), some virus writers have thought to give them the ability to automatically change their appearance, like a chameleon, by encrypting and decrypting their signature. Only these viruses are able to recognize their own signature. This type of virus is named a "polymorphic virus".

==================
Virus named "retro".
==================
Named "retrovirus" or "bounty hunter", this is a virus with the ability to change the antivirus signatures to make them ineffective ("AV-KILL").

====================
The boot sector virus.
====================
Named "boot sector virus" (or boot viruses), this virus is able to infect the boot sector of a hard disk (MBR or master boot record).

============================================
Virus named "Trans-application" (macro viruses).
============================================
With the proliferation of programs that use macros, Microsoft has developed a common scripting language that can be inserted into most documents that may contain macros: this is VBScript, a subset of Visual Basic. These viruses are now able to infect macros in Microsoft Office documents, which means that this kind of virus may be located inside an ordinary Word or Excel document.
However, as more and more applications support Visual Basic, these viruses can be hidden in many other applications that support VBScript.

BHOs are small programs that extend the functions of a parent program such as Internet Explorer. For example, a BHO can create navigation bars that piggyback on Internet Explorer (like the Yahoo or Google navigation bars). BHOs can thus serve ads, redirect users' Internet connections to different sites than those requested, or even cause the display of pages other than those requested. BHOs have access to all web pages visited and are able to convey much information about the habits of the users. BHOs are especially used in Internet Explorer.

LSPs are network drivers that control all data entering and leaving the computer over network connections, as is the case on the Internet. Spyware is also able to control the LSP.
LSP spyware programs are simply sniffers which access, record and transmit to third parties any data exchanged (pages visited, information sent such as passwords for different services, or even account identifiers).

================
Keyloggers, RATs.
================
Keyloggers and RATs are small spy programs that record all keystrokes on a keyboard connected to an infected computer. Periodically, the keylogger sends the collected information to the attacker. The most sophisticated keyloggers do not just record keystrokes but also perform screen captures.
They aim to use all the facilities available to them on the computer of the victim such as:

Tracking cookies are basically cookies, nothing out of the ordinary on the Internet, but unlike traditional cookies, which are accessible and dedicated only to the website that set them, tracking cookies are available to several Internet sites, which has the effect of allowing the sites associated with these tracking cookies to track user activity on the Internet: sites visited and actions made on each site visited.
As such, tracking cookies are not a risk to the computer system on which they are located but can be a strong attack on the privacy of users.
Companies that exploit tracking cookies are usually shops and are often advertising companies.

========
Stealer.
========

A Stealer is a very popular virus. It steals all your passwords saved by your system.
When the virus has finished stealing all the information, it is sent to an email address to which the creator of the virus has access, or to a CPanel.
Finally, it completely destroys your system.

========
Rootkit.
========

A rootkit is a set of techniques implemented by one or more pieces of software, which aims to achieve and sustain access (generally not allowed) to a computer.

A rootkit can be installed in another program, in a library or in the kernel of an operating system. Some may change the hypervisor running on top of systems or firmware embedded in hardware. Most rootkits are used to install malicious software on machines where access is granted. Some suppliers of computer hardware, such as Sony, use them to ensure compliance with the terms and conditions of their products by their customers. Removing a rootkit is a difficult operation.

They are generally classified as malware, but not always; they can use "viral techniques" to be transmitted (e.g., using a virus or trojan horse). There are detection tools and protection methods to counter them, but they are not fully effective.

======
Dialer.
======

A dialer is a small program, usually installed without any action from the "future" victim. Once installed, the dialer disconnects the active connection and automatically reconnects, usually via a premium-rate number, to another provider offering access to other types of content (games, mp3, cracks, sex...).
In general the reconnection via the dialer is invisible to users.
It should be noted that dialers act through switched telephone lines (PSTN via a modem) and have no impact on DSL lines in the absence of a connected PSTN modem.

Source: Google and my own knowledge.

If there are mistakes, or if you have something to add, please, send me a private message.
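
The signature matching described in the post above, and the reason each new variant needs a new database entry, as an added example that is not part of the original post: a minimal byte-signature scanner run over constructed, harmless byte strings. The family names, the marker bytes and the `??` wildcard syntax are assumptions made for illustration.

```python
"""Byte-signature scanning with wildcards, on constructed data only."""


def parse_signature(text):
    """Turn 'DE AD ?? EF' into a list of ints, with None for wildcard bytes."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def find_signature(data, pattern):
    """Return the first offset where pattern matches data, or -1 if absent."""
    last = len(data) - len(pattern)
    for offset in range(last + 1):
        if all(p is None or data[offset + i] == p for i, p in enumerate(pattern)):
            return offset
    return -1


def scan(data, database):
    """Return the sorted names of every signature in database found in data."""
    return sorted(name for name, pattern in database.items()
                  if find_signature(data, pattern) >= 0)


# Constructed markers standing in for two variants of one family:
# the same start ('MARK') and end ('OK'), three different bytes in between.
MARKER_A = bytes.fromhex("4d41524b1122334f4b")
MARKER_B = bytes.fromhex("4d41524b9988774f4b")
SAMPLE_ORIGINAL = b"\x00" * 8 + MARKER_A + b"\x00" * 4
SAMPLE_VARIANT = b"\x00" * 3 + MARKER_B + b"\x00" * 9
SAMPLE_CLEAN = b"plain document text with no marker"

# Exact signature: written for the first sample only.
EXACT_DB = {"Family.A": parse_signature("4D 41 52 4B 11 22 33 4F 4B")}
# Generic signature: wildcards over the bytes that differ between variants.
GENERIC_DB = {"Family.gen": parse_signature("4D 41 52 4B ?? ?? ?? 4F 4B")}

if __name__ == "__main__":
    for label, sample in [("original", SAMPLE_ORIGINAL),
                          ("variant", SAMPLE_VARIANT),
                          ("clean", SAMPLE_CLEAN)]:
        print(label, "exact:", scan(sample, EXACT_DB),
              "generic:", scan(sample, GENERIC_DB))
```

The exact signature misses the variant until the database is updated, while the generic one covers both samples and still leaves the clean file alone.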

Lots of good information here, this is a good contribution. Hopefully we can back up our computer security area again over time, we've become centralized around programming, gaming, and Windows operating systems lately.

(02-25-2012, 09:41 PM)AceInfinity Wrote: Lots of good information here, this is a good contribution. Hopefully we can back up our computer security area again over time, we've become centralized around programming, gaming, and Windows operating systems lately.

I know at GeekForums, that's ALL they really focus on, so the community there doesn't fit well with what I do and what I'm interested in for computers. SevenForums is more on the programming, BSOD, and tech side which is what I like, but I'm banned there. There are several other forums that I could go to, but as far as I'm concerned TLF is still my number 1 pick, and MSDN for when I have no one to help here with .NET lol.

I'm a member there, I enjoy helping people out though, I just wish there were more members with problems here lol, for that reason. Helping people and sharing my knowledge is a hobby in itself for me. Just reminds me of when I was starting to learn about some of the things that I help others with, and I feel good that I can help somebody out in that way :)

(02-25-2012, 09:56 PM)AceInfinity Wrote: I know at GeekForums, that's ALL they really focus on, so the community there doesn't fit well with what I do and what I'm interested in for computers. SevenForums is more on the programming, BSOD, and tech side which is what I like, but I'm banned there. There are several other forums that I could go to, but as far as I'm concerned TLF is still my number 1 pick, and MSDN for when I have no one to help here with .NET lol.

I'm a member there, I enjoy helping people out though, I just wish there were more members with problems here lol, for that reason. Helping people and sharing my knowledge is a hobby in itself for me. Just reminds me of when I was starting to learn about some of the things that I help others with, and I feel good that I can help somebody out in that way :)

Yeah, it is true, the forum is not well known yet, people with problems are active on other forums, but, I think, if we organize a "true" group, like HJT on HF, with teachers, helpers, students, the forum would be very active. I had read that you planned to do it with Quintus/Paradoxum (he is my teacher) but that you have ended the project, what happened?

Vexna Wrote: I had read that you planned to do it with Quintus/Paradoxum (he is my teacher) but that you have ended the project, what happened?

Where did you hear that I "ended the project"? That is respectfully not true though, I've been waiting for months for Quintus to do anything, and he hasn't done anything. He's talked about it over this whole period of time (last 4+ months or more) and nothing new has happened at all. It was about a month to 2 months ago that he mentioned people were almost graduated, and that he'd move things over here soon to help us out but that is still unheard of, so I'm a bit annoyed with him for keeping us in the dark as to what is really going on here. Either he has been lying to me, or something had happened along the way all these times coincidentally that he's not been keeping us up to date with.
